linux/fs
Alexey Dobriyan 786d7e1612 Fix rmmod/read/write races in /proc entries
Fix following races:
===========================================
1. Write via ->write_proc sleeps in copy_from_user(). Module disappears
   meanwhile. Or, more generically, system call done on /proc file, method
   supplied by module is called, module dissapeares meanwhile.

   pde = create_proc_entry()
   if (!pde)
	return -ENOMEM;
   pde->write_proc = ...
				open
				write
				copy_from_user
   pde = create_proc_entry();
   if (!pde) {
	remove_proc_entry();
	return -ENOMEM;
	/* module unloaded */
   }
				*boom*
==========================================
2. bogo-revoke aka proc_kill_inodes()

  remove_proc_entry		vfs_read
  proc_kill_inodes		[check ->f_op validness]
				[check ->f_op->read validness]
				[verify_area, security permissions checks]
	->f_op = NULL;
				if (file->f_op->read)
					/* ->f_op dereference, boom */

NOTE, NOTE, NOTE: file_operations are proxied for regular files only. Let's
see how this scheme behaves, then extend if needed for directories.
Directories creators in /proc only set ->owner for them, so proxying for
directories may be unneeded.

NOTE, NOTE, NOTE: methods being proxied are ->llseek, ->read, ->write,
->poll, ->unlocked_ioctl, ->ioctl, ->compat_ioctl, ->open, ->release.
If your in-tree module uses something else, yell on me. Full audit pending.

[akpm@linux-foundation.org: build fix]
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 09:05:39 -07:00
..
9p 9p: re-enable mount time debug option 2007-07-14 15:14:14 -05:00
adfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
affs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
afs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
autofs Replace pid_t in autofs with struct pid reference 2007-05-11 08:29:36 -07:00
autofs4 Fix some coding-style errors in autofs 2007-05-11 08:29:36 -07:00
befs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
bfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
cifs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
coda wrong order of arguments of ->readdir() 2007-07-15 16:40:51 -07:00
configfs Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
cramfs mm: make read_cache_page synchronous 2007-05-07 12:12:51 -07:00
debugfs debugfs: add rename for debugfs files 2007-07-11 16:09:00 -07:00
devpts devpts: add fsnotify create event 2007-05-08 11:14:59 -07:00
dlm [DLM] dump more lock values 2007-07-09 08:24:13 +01:00
ecryptfs sysfs: kill unnecessary attribute->owner 2007-07-11 16:09:06 -07:00
efs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
exportfs header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
ext2 xip sendfile removal 2007-07-10 08:04:15 +02:00
ext3 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ext4 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
fat sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
freevxfs freevxfs: possible null pointer dereference fix 2007-05-08 11:14:59 -07:00
fuse sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
gfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw 2007-07-10 13:56:13 -07:00
hfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hfsplus sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hostfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hpfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hppfs
hugetlbfs shm: fix the filename of hugetlb sysv shared memory 2007-06-16 13:16:16 -07:00
isofs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
jbd jbd commit: fix transaction dropping 2007-07-16 09:05:34 -07:00
jbd2 jbd2 commit: fix transaction dropping 2007-07-16 09:05:34 -07:00
jffs2 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
jfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
lockd NLM: fix source address of callback to client 2007-07-10 23:40:49 -04:00
minix sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
msdos
ncpfs Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
nfs NFSv4: Make sure unlock is really an unlock when cancelling a lock 2007-07-10 23:40:49 -04:00
nfs_common
nfsd Merge git://git.linux-nfs.org/pub/linux/nfs-2.6 2007-07-13 16:46:18 -07:00
nls
ntfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ocfs2 sysfs: kill unnecessary attribute->owner 2007-07-11 16:09:06 -07:00
openpromfs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
partitions sysfs: kill unnecessary attribute->owner 2007-07-11 16:09:06 -07:00
proc Fix rmmod/read/write races in /proc entries 2007-07-16 09:05:39 -07:00
qnx4 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ramfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
reiserfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
romfs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
smbfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
sysfs sysfs: add parameter "struct bin_attribute *" in .read/.write methods for sysfs binary attributes 2007-07-11 16:09:09 -07:00
sysv sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
udf sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ufs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
vfat
xfs [XFS] Fix lockdep annotations for xfs_lock_inodes 2007-07-14 18:09:42 +10:00
aio.c signal/timer/event: KAIO eventfd support example 2007-05-11 08:29:37 -07:00
anon_inodes.c signal/timer/event fds: anonymous inode source 2007-05-11 08:29:36 -07:00
attr.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
bad_inode.c sendfile: remove bad_sendfile() from bad_file_ops 2007-07-10 08:04:15 +02:00
binfmt_aout.c
binfmt_elf_fdpic.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
binfmt_elf.c Fix elf_core_dump() when writing arch specific notes (spu coredumps) 2007-07-06 10:23:43 -07:00
binfmt_em86.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
binfmt_flat.c nommu: report correct errno in message 2007-06-08 17:23:32 -07:00
binfmt_misc.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
binfmt_script.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
binfmt_som.c
bio.c unexport bio_{,un}map_user 2007-07-10 08:03:34 +02:00
block_dev.c sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
buffer.c Fix "fs: convert core functions to zero_user_page" 2007-05-21 09:15:32 -07:00
char_dev.c [PATCH] remove protection of LANANA-reserved majors 2007-04-04 21:12:47 -07:00
compat_ioctl.c fix compat console unimap regression 2007-05-25 17:37:46 -07:00
compat.c optimize compat_core_sys_select() by a using stack space for small fd sets 2007-05-23 20:14:12 -07:00
dcache.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dcookies.c
direct-io.c dio: remove bogus refcounting BUG_ON 2007-07-03 18:23:23 -07:00
dnotify.c
dquot.c circular locking dependency found in QUOTA OFF 2007-05-17 05:23:05 -07:00
drop_caches.c invalidate_mapping_pages(): add cond_resched 2007-07-16 09:05:36 -07:00
eventfd.c eventfd use waitqueue lock ... 2007-05-18 13:09:34 -07:00
eventpoll.c epoll: move kfree inside ep_free 2007-05-15 08:54:00 -07:00
exec.c uselib: add missing MNT_NOEXEC check 2007-05-23 20:14:13 -07:00
fcntl.c
fifo.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
file_table.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
file.c
filesystems.c add filesystem subtype support 2007-05-08 11:15:01 -07:00
fs-writeback.c
generic_acl.c
inode.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
inotify_user.c
inotify.c Introduce a handy list_first_entry macro 2007-05-08 11:15:11 -07:00
internal.h cleanup compat ioctl handling 2007-05-08 11:15:09 -07:00
ioctl.c vanishing ioctl handler debugging 2007-06-04 13:25:10 -07:00
ioprio.c
Kconfig 9p: Reorganization of 9p file system code 2007-07-14 15:13:40 -05:00
Kconfig.binfmt fs: Kill sh dependency for binfmt_flat. 2007-05-21 14:34:00 +09:00
libfs.c fs/libfs.c: >80 columns line break fix 2007-05-09 06:44:57 +02:00
locks.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
Makefile signal/timer/event: eventfd core 2007-05-11 08:29:36 -07:00
mbcache.c
mpage.c consolidate generic_writepages and mpage_writepages 2007-05-11 08:29:35 -07:00
namei.c [PATCH] complete message queue auditing 2007-05-11 05:38:26 -04:00
namespace.c check privileges before setting mount propagation 2007-05-08 11:15:12 -07:00
nfsctl.c
no-block.c
open.c Remove suid/sgid bits on [f]truncate() 2007-05-08 20:10:00 -07:00
pipe.c pipe: add documentation and comments 2007-07-10 08:04:16 +02:00
pnode.c Introduce a handy list_first_entry macro 2007-05-08 11:15:11 -07:00
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c circular locking dependency found in QUOTA OFF 2007-05-17 05:23:05 -07:00
read_write.c Remove remnants of sendfile() 2007-07-10 08:04:15 +02:00
read_write.h
readdir.c ROUND_UP macro cleanup in fs/(select|compat|readdir).c 2007-05-08 11:15:09 -07:00
select.c Style fix in fs/select.c 2007-05-09 07:10:02 +02:00
seq_file.c Make common helpers for seq_files that work with list_heads 2007-07-10 17:51:13 -07:00
signalfd.c avoid spurious POLLIN returns in signalfd 2007-06-28 11:34:54 -07:00
splice.c splice: fix offset mangling with direct splicing (sendfile) 2007-07-13 14:14:31 +02:00
stack.c
stat.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
super.c add filesystem subtype support 2007-05-08 11:15:01 -07:00
sync.c Introduce fixed sys_sync_file_range2() syscall, implement on PowerPC and ARM 2007-06-28 11:38:30 -07:00
timerfd.c timerfd use waitqueue lock ... 2007-05-18 13:09:34 -07:00
utimes.c Fix permission checking for the new utimensat() system call 2007-07-08 12:02:55 -07:00
xattr_acl.c
xattr.c [PATCH] audit inode for all xattr syscalls 2007-05-11 05:38:26 -04:00